GitHub Advisory Database
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
GitHub reviewed advisories
Unreviewed advisories
Language support
Unreviewed advisories have not been assessed by GitHub for quality and do not connect to the Dependabot service.
Filter advisories
Filter advisories
GitHub reviewed advisories
All reviewed
5,000+
Composer
3,683
Erlang
29
GitHub Actions
16
Go
1,708
Maven
4,944
npm
3,473
NuGet
603
pip
2,995
Pub
10
RubyGems
826
Rust
773
Swift
34
Unreviewed advisories
All unreviewed
5,000+
2,346 advisories
Filter by severity
Liferay Portal's account lockout does not invalidate existing user sessions
Moderate
CVE-2023-47798
was published
for
com.liferay.portal:release.dxp.bom
(Maven)
Feb 8, 2024
Graylog session fixation vulnerability through cookie injection
Moderate
CVE-2024-24823
was published
for
org.graylog2:graylog2-server
(Maven)
Feb 7, 2024
Liferay Portal denial of service (memory consumption)
Moderate
CVE-2024-25143
was published
for
com.liferay.portal:release.portal.bom
(Maven)
Feb 7, 2024
Apache Ozone Improper Authentication vulnerability
Moderate
CVE-2023-39196
was published
for
org.apache.ozone:ozone-main
(Maven)
Feb 7, 2024
Spring Security's spring-security.xsd file is world writable
Moderate
CVE-2023-34042
was published
for
org.springframework.security:spring-security-config
(Maven)
Feb 6, 2024
Malicious input can provoke XSS when preserving comments
Moderate
CVE-2024-23635
was published
for
org.owasp.antisamy:antisamy
(Maven)
Feb 2, 2024
Duplicate Advisory: Central Dogma Authentication Bypass Vulnerability via Session Leakage
Moderate
GHSA-qfv2-3p2f-vg48
was published
for
com.linecorp.centraldogma:centraldogma-server
(Maven)
Feb 2, 2024
•
withdrawn
CrateDB database has an arbitrary file read vulnerability
Moderate
CVE-2024-24565
was published
for
io.crate:crate
(Maven)
Jan 30, 2024
CSRF vulnerability in Jenkins GitLab Branch Source Plugin
Moderate
CVE-2024-23902
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Path traversal vulnerability in Jenkins Matrix Project Plugin
Moderate
CVE-2024-23900
was published
for
org.jenkins-ci.plugins:matrix-project
(Maven)
Jan 24, 2024
Shared projects are unconditionally discovered by Jenkins GitLab Branch Source Plugin
Moderate
CVE-2024-23901
was published
for
io.jenkins.plugins:gitlab-branch-source
(Maven)
Jan 24, 2024
Cross-site Scripting in JFinal
Moderate
CVE-2024-22497
was published
for
com.jfinal:jfinal
(Maven)
Jan 23, 2024
Cross-site Scripting in JFinal
Moderate
CVE-2024-22496
was published
for
com.jfinal:jfinal
(Maven)
Jan 23, 2024
Cross-site Scripting in beetl-bbs
Moderate
CVE-2024-22490
was published
for
com.ibeetl:beetl
(Maven)
Jan 23, 2024
keycloak-core: open redirect via "form_post.jwt" JARM response mode
Moderate
GHSA-9vm7-v8wj-3fqw
was published
for
org.keycloak:keycloak-core
(Maven)
Jan 23, 2024
Insertion of Sensitive Information into Log File in OWASP DependencyCheck
Moderate
CVE-2024-23686
was published
for
org.owasp:dependency-check-ant
(Maven)
Jan 20, 2024
Hard-coded credentials in org.folio:mod-remote-storage
Moderate
CVE-2024-23685
was published
for
org.folio:mod-remote-storage
(Maven)
Jan 19, 2024
JavaScript execution via malicious molfiles (XSS)
Moderate
CVE-2024-0758
was published
for
de.ipb-halle:molecularfaces
(Maven)
Jan 19, 2024
Improper Verification of Cryptographic Signature in aws-encryption-sdk-java
Moderate
CVE-2024-23680
was published
for
com.amazonaws:aws-encryption-sdk-java
(Maven)
Jan 19, 2024
Apache Tomcat vulnerable to Generation of Error Message Containing Sensitive Information
Moderate
CVE-2024-21733
was published
for
org.apache.tomcat.embed:tomcat-embed-core
(Maven)
Jan 19, 2024
Stored Cross Site Scripting in beetl-bbs
Moderate
CVE-2024-22491
was published
for
com.ibeetl:beetl
(Maven)
Jan 16, 2024
Apache Shiro vulnerable to path traversal
Moderate
CVE-2023-46749
was published
for
org.apache.shiro:shiro-core
(Maven)
Jan 15, 2024
Apache Solr allows read access to host environmet variables
Moderate
CVE-2023-50290
was published
for
org.apache.solr:solr-core
(Maven)
Jan 15, 2024
Cross-site Scripting in JFinal
Moderate
CVE-2024-22493
was published
for
com.jfinal:jfinal
(Maven)
Jan 12, 2024
Cross-site Scripting in JFinal
Moderate
CVE-2024-22492
was published
for
com.jfinal:jfinal
(Maven)
Jan 12, 2024
ProTip!
Advisories are also available from the
GraphQL API